Hello Michael,
Maybe some info that can be useful for you to help me:
CRIN:
TMS8hU+b8oPhoYS55b/NaQ
HASHED CRIN (openssl dgst -sha1 <
Proyectos/SEMC/OpenCA/Vars/ProjectVars/CRIN11):
801ab1fa070f30ca4ca57fa8e47d306eaf40f284
PIN in db:
5e86d229d29e4f856f9b798cad5fe007808c6afc
PIN in clear text:
1111111111 (1 10 times)
as you can see, nothing is similar here.
Am I misunderstanding the bellow code from
lib/cmds/confirm_revreq?
my $hashed_crin = $cryptoShell->getDigest ( DATA =>
$crin, ALGORITHM => "sha1" );
## get the informations about the crin
my $pin =
$cert->getParsed()->{HEADER}->{PIN};
## check the crin
if ($pin ne $hashed_crin) {
Is there any openssl command you use to create the
CRIN? or how is it created?
Thanks a lot,
Johnny
--- Johnny Gonzalez <[EMAIL PROTECTED]>
escribió:
> Hello Michael,
>
> First, thanks for your instructions.
> Second, please don't read my last message I post it
> before reading your answer :$
>
> And after reading your kind answer, I'm a little
> confused. Reading the perl code that OpenCA uses
> after the user writes in the Public Interface the
> CRIN code for his(her) certificate, I thought that
> OpenCA first hashes that written CRIN and compares
> it with the PIN in the DB, and I thought that was
> the way OpenCA uses to verify the CRIN code entered
> by the user, but now, after your reply, I'm thinking
> it twice. So a new question, that I have to add to
> my large queue, is that PIN a hashed representation
> of the CRIN code for the cert? If it isn't how can I
> verify the CRIN entered by the user?
>
> The question is based on the fact that I used the
> command you recommend me, but that doesn't look like
> that PIN in the DB:
>
> I'm executing this command:
> openssl dgst -sha1 CRIN11
> SHA1(CRIN11)=
> db61f83ee19208bbc976ba9685b4f686efd22018
>
> but the result is different from what I have in the
> DB
>
> PIN in db:
> 5e86d229d29e4f856f9b798cad5fe007808c6afc
>
>
> Thanks a lot for your patience with me :-)
>
> Johnny
>
> Michael Bell <[EMAIL PROTECTED]>
> escribió:
> Johnny Gonzalez wrote:
>
> > I tryed using openca-digest too, but the output is
> > different from the PIN stored in the db, so my new
> > question is: how is this PIN generated? in the
> > "certificate" table in "data" field thereis a PIN,
> I
> > thinks that is the only parameter OpenCA uses to
> check
> > the CRIN, so I'm trying to use it too but that PIN
> > also is different to the output of openca-digest
> > command:
> >
> > openca-digest sha1 TMS8hU+b8oPhoYS55b/NaQ
> > Digest: SHA1
> > String: TMS8hU+b8oPhoYS55b/NaQ
> > SHA1: 22H4PuGSCLvJdrqWhbT2hu/SIBg
> >
> > and the cert PIN in DB is:
> > PIN=5e86d229d29e4f856f9b798cad5fe007808c6afc
>
> The PIN will be created during the certificate
> creation. Sometimes the
> users don't like it and use the PIN of the request
> but I describe the
> default model. This PIN will be hashed with SHA1.
> This hash/digest is
> stored in the header (PIN=...).
>
> The original command is the following:
>
> openssl dgst -sha1 < stdin
>
> You can use "openssl dgst -sha1 CLEAR_PIN" too.
>
> So are you sure that you have the correct clear text
> PIN? How do you get
> the clear text PIN.
>
> Michael
> --
>
_______________________________________________________________
>
> Michael Bell Humboldt-Universitaet zu Berlin
>
> Tel.: +49 (0)30-2093 2482 ZE Computer- und
> Medienservice
> Fax: +49 (0)30-2093 2704 Unter den Linden 6
> [EMAIL PROTECTED] D-10099 Berlin
>
_______________________________________________________________
>
>
> ---------------------------------
>
> Correo Yahoo!
> Comprueba qué es nuevo, aquí
> http://correo.yahoo.es
______________________________________________
Renovamos el Correo Yahoo!
Nuevos servicios, más seguridad
http://correo.yahoo.es
-------------------------------------------------------
This SF.Net email is sponsored by: NEC IT Guy Games. How far can you shotput
a projector? How fast can you ride your desk chair down the office luge track?
If you want to score the big prize, get to know the little guy.
Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20
_______________________________________________
OpenCA-Devel mailing list
OpenCA-Devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-devel
